Forum Discussion

Copper Contributor

May 17, 2019

Solved

Send Event to Events Hub

Does Azure ATP allow you to send events to Events Hub (https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about)? I'm not very familiar with Events Hub, but know we are collecting event...

Nicholas DiCola (SECURITY JEDI)
May 22, 2019
archedmeerkat

For alerts outbound, today we support the syslog model only. We have a public preview coming soon that will move AATP to a new portal. When moving to that portal, the event hubs model will work.

Nicholas DiCola (SECURITY JEDI)

Former Employee

May 21, 2019

archedmeerkat

No you can send events to event hub then to Azure ATP. AATP collects its data from the sensor. You have to install the sensor on your domain controllers in Active Directory.

archedmeerkat
Copper Contributor
May 22, 2019

I understand we need the sensors to get the data into AATP, I was referring to Suspicious Activity and Health alerts being sent to Events Hub, rather than using a sensor to syslog the events to our SIEM. Just seems like a little cleaner solution for our environment, if available.
- Nicholas DiCola (SECURITY JEDI)
  Former Employee
  May 22, 2019
  archedmeerkat
  
  For alerts outbound, today we support the syslog model only. We have a public preview coming soon that will move AATP to a new portal. When moving to that portal, the event hubs model will work.
  - bryanb
    Brass Contributor
    Dec 10, 2019
    Nicholas DiCola (SECURITY JEDI) Hello, I'm also looking at configuration options to forward ATP alerts to EventHub. Is the "ATP to a new portal." online now? If there are any documentation links you can provide that would be great.
    
    Thanks!